奇安信CodeSafe

icon indicating a website link http://www.codesafe.cn/

Results 348 issues of 奇安信CodeSafe

There is a vulnerability in Apache Solr 5.5.4,upgrade recommended

https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/submarine-security/spark-security/pom.xml#L53 CVE-2019-0192 CVE-2017-3164 CVE-2019-0193 CVE-2019-17558 CVE-2020-13941 Recommended upgrade version: 8.4.1.7.1.3.3-3

dependencies

here is a vulnerability in jackson-databind 1.9.13,upgrade recommended

https://github.com/apache/submarine/blob/3041ef26ad04c0bddd2257a28694aa4e2b4cc837/pom.xml#L120 CVE-2017-15095 CVE-2018-7489 CVE-2019-14540 CVE-2019-16335 CVE-2019-17267 CVE-2019-14893 CVE-2018-5968 CVE-2019-10172 CVE-2018-1000873 Recommended upgrade version: 2.6.7.4

dependencies

Branch condition evaluates to a garbage value

https://github.com/intel/libyami/blob/90ac9995763ad569157b3a216da88e090720ed70/encoder/vaapiencoder_base.cpp#L686 'isEmpty' declared without an initial value https://github.com/intel/libyami/blob/90ac9995763ad569157b3a216da88e090720ed70/encoder/vaapiencoder_base.cpp#L681 Calling 'checkEmpty()' in line 685, and the checkEmpty() defined in line 642. Entered call from 'checkEmpty()', returning without writing to '*outEmpty' https://github.com/intel/libyami/blob/90ac9995763ad569157b3a216da88e090720ed70/encoder/vaapiencoder_base.cpp#L647

There is a vulnerability in CodeMirror 5.57.0,upgrade recommended

https://github.com/apache/echarts-doc/blob/47f5c06b632f505593289449ddf19bcfaa306c27/editor/package-lock.json#L3451-L3454 CVE-2020-7760 Recommended upgrade version:5.59.1

There is a vulnerability in highlight.js 9.18.1,upgrade recommended

https://github.com/apache/echarts-doc/blob/47f5c06b632f505593289449ddf19bcfaa306c27/package-lock.json#L4410-L4413 CVE-2020-26237 Recommended upgrade version:9.18.2

There is a vulnerability in py 1.4.26,upgrade recommended

https://github.com/apache/dubbo-python/blob/de1206f22839b4737277db9158ba701d61fe2af7/requirements.txt#L3 CVE-2020-29651 Recommended upgrade version:1.4.32.dev1

There is a vulnerability in junit 4.12,upgrade recommended

https://github.com/didi/thrift-mock/blob/32c5e0ec2c6f2f39073283c4d6e815c9c9de8468/thrift-mock-server4junit/pom.xml#L29-L31 CVE-2020-15250 Recommended upgrade version:4.13.1

There is a vulnerability in guava 19.0 ,upgrade recommended

https://github.com/didi/thrift-mock/blob/32c5e0ec2c6f2f39073283c4d6e815c9c9de8468/pom.xml#L56-L58 CVE-2018-10237 Recommended upgrade version:24.1.1.jre

XSS Reflected

1 comment

Hi, This is Qihoo360 CodeSafe Team, we found a XSS Reflected issue, see app/ At line 135,without check parameters, resulting in xss reflected ![image](https://user-images.githubusercontent.com/39950310/50554235-08287980-0cf2-11e9-8172-a746c699d231.png) Since I not familiar with euro2016-TerminalApp,...

There is a vulnerability in jackson-databind 2.7.8 ,upgrade recommended

https://github.com/SAP/apibusinesshub-integration-recipes/blob/b7ce201a1b72bec580e63af571399440f02f8b01/Recipes/for/mongodb-integration-adapter/Project-Source/camel-mongodb/pom.xml#L67 CVE-2020-9547 CVE-2018-14719 CVE-2018-14718 CVE-2019-14379 CVE-2019-20330 Recommended upgrade version: 2.9.10.8